modelslab-3d-generation
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill's examples and code pass API keys directly (e.g., "key": api_key and the literal "your_api_key") and show them being embedded in request payloads and usage, which would require the LLM/agent to include secret values verbatim in generated outputs or commands.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's image_to_3d endpoint accepts arbitrary public image URLs (e.g., product_image_url examples) which the ModelsLab API fetches and ingests to generate 3D models, exposing the agent to untrusted, user-provided third-party content.